Please have a look at the HOTP or TOTP samples installed together with the main SecureBlackbox distribution (/Users/Public/Documents/EldoS/SecureBlackbox.VCL/Samples/Delphi/PKIBlackbox/OTP). This sample should help you understand how the OTP classes work.

I'll explain what I need:
Actually we sign using TElCAdESSignatureProcessor, using TElPKCS11CertStorage as the store. I need to add a remote sign function using an OTP as key generator (provided by the certification authority). I think I must define a server, and an option to insert the token-generated key.

Unfortunately it's not clear how exactly this should look. "Using an OTP as key generator (provided by the certification authority)" - how is this supposed to work? Do you have a reference to some protocol/standard that illustrates what you want to achieve?

Essentially it is a remote signing of a document. Actually we sign using TElCAdESSignatureProcessor, using TElPKCS11CertStorage as the store.
The certificate provider gives an OTP for each certificate to validate the certificate.

I believe we are talking about different OTPs here. The OTP (one time password) implementation provided by SecureBlackbox refers to schemes where the server generates and verifies a unique password for the client for one-off authentication. These schemes do not involve certificates at all and only deal with straightforward password-based authentication of the client to the server.

From what you are saying I conclude that you are looking for the technology/mechanism that can address the following task: there is some service somewhere (maybe a token but not necessarily) which is capable of signing data if the user provides a correct authenticator (password or PIN), and you want to integrate that into your signing software (but the service is not accessible via PKCS#11 so you need a solution that will work remotely). Is that right? In any case, a brief explanation of your circumstances and goals would help us much to understand the problem. Any links, examples, illustrations will actually do.

I'm looking for a way to do a remote digital signature:
It is a type of digital signature which is accessible via the network (Intranet and/or Internet), in which the signer's private key is stored along with the signature certificate within a secure remote server (based on an HSM - Hardware Security Module) by an accredited certifier.
The petitioner is identified by the service and authorizes the affixing of the signature by a security mechanism (static PIN, OTP token, etc.).

I can't find a regulation document, but you can see this product sheet:
http://www.arx.com/files/DOCUMENTS/eIDAS-Regulation-Fact-Sheet.pdf
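To make the distinction in this thread concrete (an OTP authenticates the requester; the signing key stays on the remote server), here is an added example that is not SecureBlackbox code or part of the original posts: a minimal remote-signing service that verifies an RFC 4226 HOTP from the user's token, with a small resynchronisation window and replay rejection, and only then performs the signature. The HMAC used as the signing step is a labelled stand-in for the HSM-held private-key operation; the user names and secrets are constructed.

```python
# Added illustration (not SecureBlackbox code): a remote signing service that
# releases a signature only after the caller proves possession of the OTP token.
# The HOTP part follows RFC 4226; the "HSM" signing step is a stand-in (HMAC)
# for the real private-key operation the thread describes.
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class RemoteSigner:
    """Server side: holds the signing key and tracks each user's next HOTP counter."""

    def __init__(self, signing_key: bytes, look_ahead: int = 3):
        self._signing_key = signing_key  # never leaves the server (HSM-held in practice)
        self._look_ahead = look_ahead    # RFC 4226 section 7.2 resynchronisation window
        self._users = {}                 # user -> (otp_secret, next_expected_counter)

    def enrol(self, user: str, otp_secret: bytes) -> None:
        self._users[user] = (otp_secret, 0)

    def _verify_otp(self, user: str, code: str) -> bool:
        secret, counter = self._users[user]
        for c in range(counter, counter + self._look_ahead):
            if hmac.compare_digest(hotp(secret, c), code):
                # Advance past the accepted counter so this code (and any skipped
                # earlier ones) can never be replayed.
                self._users[user] = (secret, c + 1)
                return True
        return False

    def sign(self, user: str, digest: bytes, code: str):
        """Return a signature over `digest`, or None if the OTP does not authorise it."""
        if user not in self._users or not self._verify_otp(user, code):
            return None
        # Stand-in for the HSM private-key signature (e.g. RSA over the CAdES digest).
        return hmac.new(self._signing_key, digest, hashlib.sha256).hexdigest()
```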

I am afraid that we need some formal technical specification of the process in order to implement (or suggest the way to implement) this process. I saw schemes similar to the one you describe in some banks, but they are different across the banks.

Do you need to conform to some existing scheme (and protocol) or you just want to implement the scheme similar to what you have described?
